Commit d6eac65

Merge branch 'main' into patch-23
2 parents 1b7c7f0 + 3240a5f commit d6eac65

3 files changed

+8
-6
lines changed

defender-endpoint/find-defender-malware-name.md

Lines changed: 3 additions & 3 deletions
@@ -35,11 +35,11 @@ To find the detection name of a malware family, you need to search the internet
3535

3636
1. Get the name of the malware family
3737
2. Search the web for *malware family* + **cyberattack + hash** to find the hash
38-
3. Look up the hash in [Virus Total](https://www.virustotal.com/)
38+
3. Look up the hash in [VirusTotal](https://www.virustotal.com/)
3939
4. Find the Microsoft row and how we name the malware
40-
5. Look up the malware name in the [Microsoft Defender Security Intelligence website] (https://www.microsoft.com/en-us/wdsi/threats). You should see Microsoft information and guidance specific to that malware.
40+
5. Look up the malware name in the [Microsoft Defender Security Intelligence website](https://www.microsoft.com/wdsi/threats). You should see Microsoft information and guidance specific to that malware.
4141

42-
For example, search for the "Sunburst cyberattack hash". One of the websites returned in the search results should have the hash. In this example, the hash is **a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc**. Then, look up this hash in [Virus Total](https://www.virustotal.com/).
42+
For example, search for the "Sunburst cyberattack hash". One of the websites returned in the search results should have the hash. In this example, the hash is **a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc**. Then, look up this hash in [VirusTotal](https://www.virustotal.com/).
4343

4444
The results show the Microsoft row detects this malware as **Trojan:MSIL/Solorigate.BR!dha**. When you look up this malware name in the Microsoft Defender Security Intelligence website, you find information specific to that malware, including technical details and mitigation steps.
4545
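
Review bot: Step 4 (line 39, unchanged context) still reads "how we name the malware", which does not tell the reader what to take from the VirusTotal result. Since the neighbouring steps are being edited anyway, consider rewording it to say that the reader should note the detection name shown in the Microsoft row, which matches the example paragraph ("the Microsoft row detects this malware as ..."). On line 42 it would also help to state the hash type: the example value is 64 hex characters, the length of a SHA-256 digest, and saying so tells the reader which value to pick when a search result lists several hashes for the same sample.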

defender-office-365/defender-for-office-365-whats-new.md

Lines changed: 2 additions & 2 deletions
@@ -53,14 +53,14 @@ For more information on what's new with other Microsoft Defender security produc
5353

5454
## October 2024
5555

56-
- **Tenant Allow/Block List in Microsoft 365 now supports IPv6 address**: The [Tenant Allow/Block List](tenant-allow-block-list-about.md) now supports [allowing and blocking IPv6 addresses] (tenant-allow-block-list-ip-addresses-configure.md). It's available in Microsoft 365 Worldwide, GCC, GCC High, DoD, and Office 365 operated by 21Vianet environments.
56+
- **Tenant Allow/Block List in Microsoft 365 now supports IPv6 address**: The [Tenant Allow/Block List](tenant-allow-block-list-about.md) now supports [allowing and blocking IPv6 addresses](tenant-allow-block-list-ip-addresses-configure.md). It's available in Microsoft 365 Worldwide, GCC, GCC High, DoD, and Office 365 operated by 21Vianet environments.
5757

5858
## September 2024
5959

6060
- With one click, SecOps personnel can take a quarantine release action directly from Explorer (Threat Explorer) or the Email entity page (no need to go to the Quarantine page in the Defender portal). For more information, see [Remediate malicious email delivered in Office 365](remediate-malicious-email-delivered-office-365.md).
6161
- [Use the built-in Report button in Outlook](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook): The built-in **Report** button in Outlook for Mac v16.89 (24090815) or later now supports the [user reported settings](submissions-user-reported-messages-custom-mailbox.md) experience to report messages as Phishing, Junk, and Not Junk.
6262
- We're updating the end user experience for allow and block list management of their email messages. With one click, users can block email from unwanted senders and prevent those messages from appearing in their default quarantine view and in quarantine notifications. Users can also allow email from trusted and prevent future messages from those senders from being quarantined (if there are no admin overrides). Users also have visibility into any admin overrides that led to a quarantined email message. For more information, see [View quarantined email](quarantine-admin-manage-messages-files.md#view-quarantined-email).
63-
- Admins can see [policy](anti-spam-policies-configure.md#use-the-microsoft-defender-portal-to-modify-anti-spam-policies) what-if insights for the bulk complaint level (BCL) threshold, spoof, and impersonation settings, which lets them understand the implication of a setting change based on historical data. This capability lets admins confidently tune their settings without anxiety about possible repurcussions on users.
63+
- Admins can see [policy](anti-spam-policies-configure.md#use-the-microsoft-defender-portal-to-modify-anti-spam-policies) what-if insights for the bulk complaint level (BCL) threshold, spoof, and impersonation settings, which let them understand the implication of a setting change based on historical data. This capability lets admins confidently tune their settings without anxiety about possible repercussions on users.
6464

6565
## August 2024
6666
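
Review bot: The bold title on line 56 still ends in "now supports IPv6 address" after the link fix; it should be plural ("IPv6 addresses") to match the link text in the same sentence. While this bullet list is being cleaned up, line 62 (unchanged context) has a dropped noun in "Users can also allow email from trusted and prevent future messages from those senders", which presumably should read "from trusted senders". On line 63 the change to "which let them" makes "insights" the subject, but the next sentence keeps "This capability lets admins", so the two sentences now say the same thing twice; consider merging them.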

defender-xdr/manage-rbac.md

Lines changed: 3 additions & 1 deletion
@@ -45,7 +45,7 @@ Centralized permissions management is supported for the following solutions:
4545
|Solution|Description|
4646
|---|---|
4747
|Microsoft Defender XDR|Centralized permissions management for Microsoft Defender XDR experiences.|
48-
|Microsoft Defender for Endpoint|Full support for all endpoint data and actions. All roles are compatible with the device group's scope as defined on the device groups page.|
48+
|Microsoft Defender for Endpoint|Full support for all endpoint data and actions. All roles are compatible with the device group's scope as defined on the device groups page. Limiting permissions to different device groups is accomplished in the Devices Groups page.|
4949
|Microsoft Defender Vulnerability Management|Centralized permissions management for all Defender Vulnerability Management capabilities.|
5050
|Microsoft Defender for Office 365|Full support for all data and actions. </br></br> **Note**: <ul><li>Initially, the Microsoft Defender XDR RBAC model is available only for organizations with Microsoft Defender for Office 365 Plan 2 licenses (trial licenses aren't supported).</li><li>Granular delegated admin privileges (GDAP) aren't supported.</li><li>Exchange Online PowerShell and Security & Compliance PowerShell continue to use [Exchange Online roles](/exchange/permissions-exo/permissions-exo) and [Email & Collaboration roles](/defender-office-365/mdo-portal-permissions). Microsoft Defender XDR Unified RBAC doesn't affect Exchange Online PowerShell or Security & Compliance PowerShell.</li><li>Azure B2B invited guests aren't supported by all experiences that were previously under Exchange Online RBAC.</li></ul>|
5151
|Microsoft Defender for Identity|Full support for all identity data and actions. </br></br> **Note:** Defender for Identity experiences also adhere to permissions granted from [Microsoft Defender for Cloud Apps](https://security.microsoft.com/cloudapps/permissions/roles). For more information, see [Microsoft Defender for Identity role groups](https://go.microsoft.com/fwlink/?linkid=2202729).|
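
Review bot: The sentence added to the Defender for Endpoint row on line 48 names the "Devices Groups page", while the sentence immediately before it in the same cell calls it the "device groups page"; use one name and one capitalization so readers do not look for two different pages. The passive phrasing ("is accomplished in") also hides who does what. Something like "To limit permissions to specific device groups, use the device groups page." is shorter, and a link to that page's documentation would make the scoping instruction actionable, since this row is where an admin learns how role scope is restricted.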
@@ -78,6 +78,8 @@ This section provides useful information on what you need to know before you sta
7878

7979
The new Microsoft Defender XDR Unified RBAC model provides easy migration of the existing permissions in the individual supported unified RBAC models to the new RBAC model.
8080

81+
Defender for Endpoint Devices Groups now use the device groups side of the interface to define which groups have access to the proper Device Groups.
82+
8183
All permissions listed within the Microsoft Defender XDR Unified RBAC model align to permissions in the individual RBAC models to ensure backward compatibility. For more information on how the permissions align, see [Map permissions in Microsoft Defender XDR unified role-based access control (RBAC)](compare-rbac-roles.md).
8284

8385
<a name='activation-of-the-microsoft-365-defender-unified-rbac-model'></a>
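
Review bot: The sentence added at line 81 is hard to parse and close to circular: "Devices Groups now use the device groups side of the interface to define which groups have access to the proper Device Groups" uses three spellings of the same term and never says which "groups" are being granted access. Please name the subject of the access grant explicitly and use the same term as the table row above. "now" also implies a behaviour change without saying what the previous behaviour was, which matters for admins who are migrating existing permissions. As placed, the sentence sits between the migration paragraph and the backward-compatibility paragraph and interrupts that flow; consider moving it after line 83 or into a note.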
